# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: MetaDroid

# Reference: https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html

178.132.6.150:3000
185.215.113.42:3000
185.215.113.81:3000
185.215.113.94:3000

# Reference: https://twitter.com/malwrhunterteam/status/1447613589456621569
# Reference: https://twitter.com/malwrhunterteam/status/1506698319992655875
# Reference: https://twitter.com/a1exeremin/status/1447679196042604544
# Reference: https://twitter.com/ViriBack/status/1475455704571985921
# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.100/relations
# Reference: https://www.virustotal.com/gui/file/1261e271402ea43f0a51294c7037b6d9da627500ea7e6644f5b9f608f7368928/detection
# Reference: https://www.virustotal.com/gui/file/0911af4b050e632cba517adcf27e2550cb5685e8c88cea2ff164ecb0bdc42904/detection
# Reference: https://www.virustotal.com/gui/file/81249654f8bdea0a179afe97e7abf7d455f2ef821ea1c24521cecdcc8b7d3bdf/detection
# Reference: https://www.virustotal.com/gui/file/f42e34e3f19589895467eb15a73605df302cafd0ed0dedc571308e3ce55f8a78/detection
# Reference: https://www.virustotal.com/gui/file/c509ce7942ec45ba33eee473aacc158c5750957a56929bce07f2f31c59b395e0/detection

185.215.113.81:3000
185.215.113.100:3000
185.215.113.100:3434
185.215.113.59:3434
193.106.191.148:3434
ermac.icu
fghjngjkjgy.ga
/2iq5gqb84krcezxjhl.php
/2lsqn0nw5n.php
/3nl3.php
/5kvoe.php
/5yk3j1gowg5c.php
/a357na0rnxbw9illf.php
/cc3t9t7rdfz8.php
/kch7j27y5welfhkzqt.php
/lf7xbkvzloig.php
/p5ndowme.php
/wzv3g0jmiwua.php
/x9v8e.php
/xxovkl45054m1rmu.php

# Reference: https://twitter.com/malwrhunterteam/status/1514928660675014656
# Reference: https://www.virustotal.com/gui/file/fc09f1e1b7fcf70770b0d52c5f203472c10dc98b6717b2f0bc343b5d1947056f/detection
# Reference: https://www.virustotal.com/gui/file/c7e7489531d3fa243cd775cfafacefd473f2ae71a3e9cdd5331db60a11198896/detection

194.26.29.28:3434
/0kkl5nd7i2956678a9l.php
/1qk5jb1m6l2fka.php
/48tznctyvhev920.php
/4g1o0.php
/5eqr7narx7uarp.php
/9b5786npucessoc.php
/drg23mwx9.php
/edwypp9a1.php
/goljim4v58rk782.php
/h4ry5wb03lys5.php
/i9924d17g.php
/kpak1iq09.php
/mi0sr3c1qc1qir.php
/q9sf5kefkvxt94.php
/v6gbc9rsq3q1dt.php
/vfcakqx84rt6gwj.php
/xirbarg7dz.php
/yk1j2r7.php
/zfww.php

# Reference: https://twitter.com/pmmkowalczyk/status/1516779700953174017
# Reference: https://www.virustotal.com/gui/file/4b4712848697ba87a74eadca39afd93fc22b436647c4186879a19b12fc8ecc88/detection
# Reference: https://www.virustotal.com/gui/file/b35a51dd3d07f023f2235772857c8d04ec420e5f8fcf1ef3a416af4400cdb4fb/detection

193.106.191.116:3434
/4ugv0rt87ey1prjrx.php
/7919kocnto1lxhulud8.php
/8cepqi41rstpl4uv.php
/8p2yidc2m8atj8lb.php
/cmgiusaew29n0qyd3i1m.php
/cq05tmqtkaxft5qv769g.php
/f06osvq.php
/g89k5v1v.php
/gh1ieakq3.php
/qfinq.php
/qlwgp1d813.php
/s56680kc36e1ruhyb.php
/tc5gm7omu7en6.php
/u5xujynybl.php
/utv23m.php
/wmzjb4ijh.php

# Reference: https://twitter.com/ESETresearch/status/1526897310231322630
# Reference: https://blog.cyble.com/2022/05/25/ermac-back-in-action/
# Reference: https://otx.alienvault.com/pulse/628e4b375bc6bbd74c7b920e
# Reference: https://www.virustotal.com/gui/file/2cc727c4249235f36bbc5024d5a5cb708c0f6d3659151afc5ae5d42d55212cb5/detection

http://185.215.113.100
http://193.106.191.116
http://193.106.191.118
http://193.106.191.121
http://193.106.191.148
185.215.113.100:3434
193.106.191.116:3434
193.106.191.118:3434
193.106.191.121:3434
193.106.191.148:3434
bolt-food.site
boltfood.site
/wfxgi.php
/gehwonr1ja.php
/5xeer7yia3fb0h.php
/bjcwnlxnqjq.php
/0xdflkzbi.php
/15s9gps5jkj0tuzp.php
/p2ocy7hfx30vz.php

# Reference: https://twitter.com/malwrhunterteam/status/1527732575401304066
# Reference: https://www.virustotal.com/gui/file/59e83ad07fc5944c90d06f8528d32c8cf3bd85da28cd4c4a6161d3413393c60a/detection

a2zgstcenter.com
design.a2zgstcenter.com
files.a2zgstcenter.com
fu.a2zgstcenter.com
kinkyapp.a2zgstcenter.com
onflyfansleaks.a2zgstcenter.com
porno.a2zgstcenter.com
track.a2zgstcenter.com
ys.a2zgstcenter.com
/damxvy2x006.php
/rrg748vxuxk.php

# Reference: https://twitter.com/malwrhunterteam/status/1527985074825732099
# Reference: https://www.virustotal.com/gui/file/f4d18662c927380a2d30eba367fafd3746fa137df499cb50d49e591a420aa95d/detection

http://45.141.85.25
45.141.85.25:3434
apkphoto.co.nz
/4nep90ruob0vphc.php
/78nyseehouzeh05xv98.php
/adbo5is6.php
/cyl392t.php
/f0j0aden00d2n.php
/gc3juqpqdcl.php
/i9hna3hczxbyqx.php
/jlsh5yrqgwxo.php
/njz0de7jwqjmeqx.php
/sy34cndqt.php
/u63suuv3728n8.php
/xnp7uhisi.php
/zw1zlr4oip6zt53rsbr.php
