# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Format: one indicator per line; lines starting with '#' are comments.
# Four indicator shapes appear below: bare hostname, IP:port, http://IP
# (scheme-prefixed address) and URL path (leading '/'). Each group of
# indicators follows the "# Reference:" lines that source it.
# NOTE(review): the Trustwave reference further down names Grandoreiro banking
# malware; presumably the whole list tracks that family - confirm against the
# file name, which is not visible here.
# NOTE(review): address-based entries can outlive the infrastructure they
# described (addresses get reassigned); corroborate a hit with the group's
# references before acting on it.

# Reference: https://twitter.com/James_inthe_box/status/1193539893000986624
# Reference: https://www.virustotal.com/gui/ip-address/130.185.238.32/relations
# Reference: https://www.virustotal.com/gui/file/179349534f184774b18b7dbcf7442a537fe640e373f5c4cc6b39d3076240c11b/detection
# Reference: https://www.virustotal.com/gui/file/9cc448001e8ed355520e26c328d33f1b8031b26796923608cdf920fb6617dbb2/detection
# Reference: https://www.virustotal.com/gui/file/b078b3cba73f7dc905d395b014f610000ab37cc1500be00d64ce48c7cd9378b2/detection

http://130.185.238.32
coinstolkbr79.dyndns.org

# Reference: https://twitter.com/reecdeep/status/1291002877633331201
# Reference: https://app.any.run/tasks/1c5c1fef-a022-4143-b3d8-e365a38b8a20/
# Reference: https://www.virustotal.com/gui/file/8df61999996b08c2f77e53869f75e2ea399f1bad5a5dc5d5969f4b5e9d8d5751/detection

142.11.212.211:8081
pizzacircusbarcelona.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1291013627680624642

167.114.217.220:9090

# Reference: https://twitter.com/Dashowl/status/1296886074053099520

http://173.0.54.19

# Reference: https://twitter.com/JAMESWT_MHT/status/1303248634507657216

155.138.137.44:3030

# Reference: https://twitter.com/K_N1kolenko/status/1328605692643713025

146.59.193.20:1948

# Reference: https://twitter.com/ESETresearch/status/1390263927859208193
# Reference: https://twitter.com/ESETresearch/status/1390263930833063938

binanceassistance.com
spotifyannounce.com

# Reference: https://twitter.com/johnk3r/status/1524847789766852630

24.152.38.130:4398

# Reference: https://twitter.com/da_667/status/1530296455981936646
# Reference: https://www.virustotal.com/gui/ip-address/167.114.88.99/relations
# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/grandoreiro-banking-malware-resurfaces-for-tax-season/
# The iuc1t*.freedynamicdns.org entries below are full hostnames under one
# shared parent zone (as is coinstolkbr79.dyndns.org in the first group); the
# zone names indicate dynamic-DNS services. Match the exact hostname, not the
# parent zone, so unrelated hosts in the same zone are not flagged.
# NOTE(review): the common "iuc1t" prefix and identical label length suggest
# generated names, so this set may not be exhaustive - check the Trustwave
# write-up referenced above.

167.114.43.27:4433
belfaro.com.br
iuc1tab1tatitbw.freedynamicdns.org
iuc1tag1sjsdtbb.freedynamicdns.org
iuc1tan1xatmtkk.freedynamicdns.org
iuc1tan1xqs4tjf.freedynamicdns.org
iuc1tas1satjtjo.freedynamicdns.org
iuc1tas1xao3taf.freedynamicdns.org
iuc1tbb0sqpmtak.freedynamicdns.org
iuc1tbs0taoztjw.freedynamicdns.org
iuc1tbw0sasztjb.freedynamicdns.org
iuc1tbw1xjoztko.freedynamicdns.org
iuc1tjf0satltbs.freedynamicdns.org
iuc1tjj0uas0tbs.freedynamicdns.org
iuc1tjk0sqpltbo.freedynamicdns.org
iuc1tjk0xqpltbo.freedynamicdns.org
iuc1tko1sqs5tjg.freedynamicdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1531566144594841601

http://20.187.91.219
20.187.91.219:44441

# Generic
# Host-independent URL path indicators (leading '/'), not tied to any address
# or hostname listed above; no per-entry reference is given for them. Seven
# are .iso file names and one is a .txt file name.
# NOTE(review): a path-only match carries less context than a host match, and
# a short name such as /ronivon.txt may also exist on unrelated servers - pair
# it with a host or address indicator from this list when triaging.

/Adkflgog30.iso
/dyngcdnefn_03.iso
/nivyjlzhdj_04.iso
/nnkokysdggit.iso
/obmkumjoxq_05.iso
/ugqvhozczb_04.iso
/yqcnfempzc.iso
/ronivon.txt
